Warning: Permanently added '10.128.0.32' (ECDSA) to the list of known hosts.
2020/07/17 18:35:44 fuzzer started
2020/07/17 18:35:44 dialing manager at 10.128.0.26:41463
2020/07/17 18:35:46 syscalls: 2944
2020/07/17 18:35:46 code coverage: enabled
2020/07/17 18:35:46 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2020/07/17 18:35:46 extra coverage: enabled
2020/07/17 18:35:46 setuid sandbox: enabled
2020/07/17 18:35:46 namespace sandbox: enabled
2020/07/17 18:35:46 Android sandbox: /sys/fs/selinux/policy does not exist
2020/07/17 18:35:46 fault injection: enabled
2020/07/17 18:35:46 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/07/17 18:35:46 net packet injection: enabled
2020/07/17 18:35:46 net device setup: enabled
2020/07/17 18:35:46 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/07/17 18:35:46 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/07/17 18:35:46 USB emulation: /dev/raw-gadget does not exist
18:36:20 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000180)=0x10)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0xd, &(0x7f0000000080)=@assoc_value={r2}, 0x8)

[ 188.535380][ T8478] IPVS: ftp: loaded support on port[0] = 21
[ 188.838715][ T8478] chnl_net:caif_netlink_parms(): no params data found
[ 189.133489][ T8478] bridge0: port 1(bridge_slave_0) entered blocking state
[ 189.140829][ T8478] bridge0: port 1(bridge_slave_0) entered disabled state
[ 189.150310][ T8478] device bridge_slave_0 entered promiscuous mode
[ 189.162104][ T8478] bridge0: port 2(bridge_slave_1) entered blocking state
[ 189.169493][ T8478] bridge0: port 2(bridge_slave_1) entered disabled state
[ 189.179214][ T8478] device bridge_slave_1 entered promiscuous mode
[ 189.230955][ T8478] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 189.247128][ T8478] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 189.296940][ T8478] team0: Port device team_slave_0 added
[ 189.308615][ T8478] team0: Port device team_slave_1 added
[ 189.351486][ T8478] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 189.358980][ T8478] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 189.385169][ T8478] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 189.399680][ T8478] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 189.408257][ T8478] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 189.434302][ T8478] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 189.584932][ T8478] device hsr_slave_0 entered promiscuous mode
[ 189.707723][ T8478] device hsr_slave_1 entered promiscuous mode
[ 190.112256][ T8478] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 190.177687][ T8478] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 190.225385][ T8478] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 190.294947][ T8478] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 190.668044][ T8478] 8021q: adding VLAN 0 to HW filter on device bond0
[ 190.708423][ T3602] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 190.717549][ T3602] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 190.744392][ T8478] 8021q: adding VLAN 0 to HW filter on device team0
[ 190.771702][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 190.781117][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 190.790614][ T23] bridge0: port 1(bridge_slave_0) entered blocking state
[ 190.797893][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 190.846267][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 190.855502][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 190.866142][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 190.875726][ T23] bridge0: port 2(bridge_slave_1) entered blocking state
[ 190.882946][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 190.891904][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 190.902687][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 190.913503][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 190.924037][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 190.934271][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 190.944940][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 190.992211][ T8478] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 191.003307][ T8478] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 191.028795][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 191.038527][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 191.048181][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 191.058932][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 191.068702][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 191.127421][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 191.136469][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 191.144088][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 191.183972][ T8478] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 191.255186][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 191.266239][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 191.322742][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 191.334563][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 191.355117][ T8478] device veth0_vlan entered promiscuous mode
[ 191.369872][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 191.379037][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 191.402323][ T8478] device veth1_vlan entered promiscuous mode
[ 191.462383][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 191.472104][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 191.481772][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 191.491975][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 191.512915][ T8478] device veth0_macvtap entered promiscuous mode
[ 191.533157][ T8478] device veth1_macvtap entered promiscuous mode
[ 191.577917][ T8478] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 191.589154][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 191.598763][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 191.608481][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 191.618606][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 191.642116][ T8478] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 191.654047][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 191.665542][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
18:36:24 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000180)=0x10)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0xd, &(0x7f0000000080)=@assoc_value={r2}, 0x8)

18:36:24 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000180)=0x10)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0xd, &(0x7f0000000080)=@assoc_value={r2}, 0x8)

18:36:24 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000180)=0x10)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0xd, &(0x7f0000000080)=@assoc_value={r2}, 0x8)

18:36:24 executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f00000000c0)=[{0x40, 0x0, 0x0, 0xbffff033}, {0x80000006}]}, 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000100)={@broadcast, @dev, @void, {@ipv6={0x86dd, @dccp_packet={0x0, 0x6, "4863c9", 0x10, 0x21, 0x0, @remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {[], {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "1235ed", 0x0, "4cc673"}}}}}}}, 0x0)

[ 192.593744][ T8695] =====================================================
[ 192.600755][ T8695] BUG: KMSAN: uninit-value in bpf_skb_load_helper_32+0xee/0x2d0
[ 192.608412][ T8695] CPU: 0 PID: 8695 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0
[ 192.617102][ T8695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 192.627172][ T8695] Call Trace:
[ 192.630504][ T8695] dump_stack+0x1df/0x240
[ 192.634874][ T8695] kmsan_report+0xf7/0x1e0
[ 192.639328][ T8695] __msan_warning+0x58/0xa0
[ 192.643865][ T8695] bpf_skb_load_helper_32+0xee/0x2d0
[ 192.649190][ T8695] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 192.655277][ T8695] ___bpf_prog_run+0x214d/0x97a0
[ 192.660245][ T8695] ? bpf_skb_load_helper_16_no_cache+0x370/0x370
[ 192.666637][ T8695] __bpf_prog_run32+0x101/0x170
[ 192.671524][ T8695] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 192.677614][ T8695] ? kmsan_get_metadata+0x4f/0x180
[ 192.682750][ T8695] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 192.688576][ T8695] ? ___bpf_prog_run+0x97a0/0x97a0
[ 192.693701][ T8695] packet_rcv+0x70f/0x2150
[ 192.698130][ T8695] ? kmsan_get_metadata+0x4f/0x180
[ 192.703289][ T8695] ? packet_sock_destruct+0x1e0/0x1e0
[ 192.708680][ T8695] __netif_receive_skb_core+0x3e02/0x5890
[ 192.714468][ T8695] ? kmsan_get_metadata+0x4f/0x180
[ 192.719610][ T8695] netif_receive_skb+0x56c/0xff0
[ 192.724571][ T8695] ? __msan_poison_alloca+0xf0/0x120
[ 192.729889][ T8695] tun_get_user+0x6df8/0x72f0
[ 192.734631][ T8695] ? kmsan_get_metadata+0x11d/0x180
[ 192.739854][ T8695] tun_chr_write_iter+0x1f2/0x360
[ 192.744901][ T8695] ? tun_chr_read_iter+0x460/0x460
[ 192.750025][ T8695] vfs_write+0xd98/0x1480
[ 192.754421][ T8695] ksys_write+0x267/0x450
[ 192.758779][ T8695] __se_sys_write+0x92/0xb0
[ 192.763303][ T8695] __x64_sys_write+0x4a/0x70
[ 192.767911][ T8695] do_syscall_64+0xb0/0x150
[ 192.772436][ T8695] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 192.778346][ T8695] RIP: 0033:0x415c91
[ 192.782255][ T8695] Code: Bad RIP value.
[ 192.786319][ T8695] RSP: 002b:00007fb96b6fbc60 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 192.794740][ T8695] RAX: ffffffffffffffda RBX: 000000000078bf00 RCX: 0000000000415c91
[ 192.802727][ T8695] RDX: 0000000000000046 RSI: 0000000020000100 RDI: 00000000000000f0
[ 192.810727][ T8695] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000
[ 192.818738][ T8695] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000078bf0c
[ 192.826725][ T8695] R13: 0000000000c9fb6f R14: 00007fb96b6fc9c0 R15: 000000000078bf0c
[ 192.834747][ T8695]
[ 192.837078][ T8695] Uninit was stored to memory at:
[ 192.842141][ T8695] kmsan_internal_chain_origin+0xad/0x130
[ 192.847883][ T8695] __msan_chain_origin+0x50/0x90
[ 192.852868][ T8695] ___bpf_prog_run+0x6c80/0x97a0
[ 192.857836][ T8695] __bpf_prog_run32+0x101/0x170
[ 192.862727][ T8695] packet_rcv+0x70f/0x2150
[ 192.867174][ T8695] __netif_receive_skb_core+0x3e02/0x5890
[ 192.872932][ T8695] netif_receive_skb+0x56c/0xff0
[ 192.877935][ T8695] tun_get_user+0x6df8/0x72f0
[ 192.882632][ T8695] tun_chr_write_iter+0x1f2/0x360
[ 192.887699][ T8695] vfs_write+0xd98/0x1480
[ 192.892060][ T8695] ksys_write+0x267/0x450
[ 192.896405][ T8695] __se_sys_write+0x92/0xb0
[ 192.900924][ T8695] __x64_sys_write+0x4a/0x70
[ 192.905527][ T8695] do_syscall_64+0xb0/0x150
[ 192.910053][ T8695] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 192.915961][ T8695]
[ 192.918295][ T8695] Uninit was stored to memory at:
[ 192.923324][ T8695] kmsan_internal_chain_origin+0xad/0x130
[ 192.929047][ T8695] __msan_chain_origin+0x50/0x90
[ 192.933989][ T8695] ___bpf_prog_run+0x6cbe/0x97a0
[ 192.938924][ T8695] __bpf_prog_run32+0x101/0x170
[ 192.943791][ T8695] packet_rcv+0x70f/0x2150
[ 192.948239][ T8695] __netif_receive_skb_core+0x3e02/0x5890
[ 192.953976][ T8695] netif_receive_skb+0x56c/0xff0
[ 192.958916][ T8695] tun_get_user+0x6df8/0x72f0
[ 192.963594][ T8695] tun_chr_write_iter+0x1f2/0x360
[ 192.968628][ T8695] vfs_write+0xd98/0x1480
[ 192.972956][ T8695] ksys_write+0x267/0x450
[ 192.977292][ T8695] __se_sys_write+0x92/0xb0
[ 192.981808][ T8695] __x64_sys_write+0x4a/0x70
[ 192.986420][ T8695] do_syscall_64+0xb0/0x150
[ 192.990944][ T8695] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 192.996833][ T8695]
[ 192.999163][ T8695] Uninit was stored to memory at:
[ 193.004209][ T8695] kmsan_internal_chain_origin+0xad/0x130
[ 193.009942][ T8695] __msan_chain_origin+0x50/0x90
[ 193.014920][ T8695] ___bpf_prog_run+0x6c64/0x97a0
[ 193.019912][ T8695] __bpf_prog_run32+0x101/0x170
[ 193.024782][ T8695] packet_rcv+0x70f/0x2150
[ 193.029203][ T8695] __netif_receive_skb_core+0x3e02/0x5890
[ 193.034947][ T8695] netif_receive_skb+0x56c/0xff0
[ 193.039895][ T8695] tun_get_user+0x6df8/0x72f0
[ 193.044577][ T8695] tun_chr_write_iter+0x1f2/0x360
[ 193.049621][ T8695] vfs_write+0xd98/0x1480
[ 193.053951][ T8695] ksys_write+0x267/0x450
[ 193.058290][ T8695] __se_sys_write+0x92/0xb0
[ 193.062796][ T8695] __x64_sys_write+0x4a/0x70
[ 193.067386][ T8695] do_syscall_64+0xb0/0x150
[ 193.071895][ T8695] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 193.077771][ T8695]
[ 193.080088][ T8695] Local variable ----regs@__bpf_prog_run32 created at:
[ 193.086940][ T8695] __bpf_prog_run32+0x87/0x170
[ 193.091698][ T8695] __bpf_prog_run32+0x87/0x170
[ 193.096446][ T8695] =====================================================
[ 193.103373][ T8695] Disabling lock debugging due to kernel taint
[ 193.109525][ T8695] Kernel panic - not syncing: panic_on_warn set ...
[ 193.109530][ C1] =====================================================
[ 193.109567][ C1] BUG: KMSAN: uninit-value in bpf_skb_load_helper_32+0xee/0x2d0
[ 193.116141][ T8695] CPU: 0 PID: 8695 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 193.140618][ T8695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 193.150665][ T8695] Call Trace:
[ 193.153966][ T8695] dump_stack+0x1df/0x240
[ 193.158310][ T8695] panic+0x3d5/0xc3e
[ 193.162242][ T8695] kmsan_report+0x1df/0x1e0
[ 193.166769][ T8695] __msan_warning+0x58/0xa0
[ 193.171283][ T8695] bpf_skb_load_helper_32+0xee/0x2d0
[ 193.176596][ T8695] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 193.182666][ T8695] ___bpf_prog_run+0x214d/0x97a0
[ 193.187617][ T8695] ? bpf_skb_load_helper_16_no_cache+0x370/0x370
[ 193.193980][ T8695] __bpf_prog_run32+0x101/0x170
[ 193.198867][ T8695] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 193.204941][ T8695] ? kmsan_get_metadata+0x4f/0x180
[ 193.210074][ T8695] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 193.215906][ T8695] ? ___bpf_prog_run+0x97a0/0x97a0
[ 193.221021][ T8695] packet_rcv+0x70f/0x2150
[ 193.225448][ T8695] ? kmsan_get_metadata+0x4f/0x180
[ 193.230584][ T8695] ? packet_sock_destruct+0x1e0/0x1e0
[ 193.235958][ T8695] __netif_receive_skb_core+0x3e02/0x5890
[ 193.241723][ T8695] ? kmsan_get_metadata+0x4f/0x180
[ 193.246850][ T8695] netif_receive_skb+0x56c/0xff0
[ 193.251792][ T8695] ? __msan_poison_alloca+0xf0/0x120
[ 193.257100][ T8695] tun_get_user+0x6df8/0x72f0
[ 193.261830][ T8695] ? kmsan_get_metadata+0x11d/0x180
[ 193.267063][ T8695] tun_chr_write_iter+0x1f2/0x360
[ 193.272109][ T8695] ? tun_chr_read_iter+0x460/0x460
[ 193.277228][ T8695] vfs_write+0xd98/0x1480
[ 193.281596][ T8695] ksys_write+0x267/0x450
[ 193.285944][ T8695] __se_sys_write+0x92/0xb0
[ 193.290460][ T8695] __x64_sys_write+0x4a/0x70
[ 193.295071][ T8695] do_syscall_64+0xb0/0x150
[ 193.299587][ T8695] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 193.305480][ T8695] RIP: 0033:0x415c91
[ 193.309367][ T8695] Code: Bad RIP value.
[ 193.313431][ T8695] RSP: 002b:00007fb96b6fbc60 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 193.321854][ T8695] RAX: ffffffffffffffda RBX: 000000000078bf00 RCX: 0000000000415c91
[ 193.329842][ T8695] RDX: 0000000000000046 RSI: 0000000020000100 RDI: 00000000000000f0
[ 193.337814][ T8695] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000
[ 193.345784][ T8695] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000078bf0c
[ 193.353755][ T8695] R13: 0000000000c9fb6f R14: 00007fb96b6fc9c0 R15: 000000000078bf0c
[ 193.361762][ C1] CPU: 1 PID: 8462 Comm: syz-fuzzer Tainted: G B 5.8.0-rc5-syzkaller #0
[ 193.371385][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 193.381430][ C1] Call Trace:
[ 193.384710][ C1]
[ 193.387565][ C1] dump_stack+0x1df/0x240
[ 193.391911][ C1] kmsan_report+0xf7/0x1e0
[ 193.396329][ C1] __msan_warning+0x58/0xa0
[ 193.400833][ C1] bpf_skb_load_helper_32+0xee/0x2d0
[ 193.406147][ C1] ___bpf_prog_run+0x214d/0x97a0
[ 193.411095][ C1] ? run_timer_softirq+0x2d/0x50
[ 193.416030][ C1] ? __do_softirq+0x311/0x83d
[ 193.420725][ C1] ? bpf_skb_load_helper_16_no_cache+0x370/0x370
[ 193.427066][ C1] __bpf_prog_run32+0x101/0x170
[ 193.431915][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 193.437133][ C1] ? kmsan_get_metadata+0x4f/0x180
[ 193.442277][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 193.448094][ C1] ? ___bpf_prog_run+0x97a0/0x97a0
[ 193.453215][ C1] packet_rcv+0x70f/0x2150
[ 193.457662][ C1] ? packet_sock_destruct+0x1e0/0x1e0
[ 193.463036][ C1] dev_queue_xmit_nit+0x11a0/0x1280
[ 193.468268][ C1] dev_hard_start_xmit+0x20c/0xa70
[ 193.473414][ C1] __dev_queue_xmit+0x2f8d/0x3b20
[ 193.478438][ C1] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 193.484502][ C1] ? idle_cpu+0x9a/0x1d0
[ 193.488761][ C1] ? sysvec_apic_timer_interrupt+0x11e/0x130
[ 193.494762][ C1] dev_queue_xmit+0x4b/0x60
[ 193.499268][ C1] ip6_finish_output2+0x2057/0x2620
[ 193.504498][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 193.509708][ C1] __ip6_finish_output+0x824/0x8e0
[ 193.514836][ C1] ip6_finish_output+0x166/0x410
[ 193.519784][ C1] ip6_output+0x60a/0x770
[ 193.524135][ C1] ? ip6_output+0x770/0x770
[ 193.528634][ C1] ? ac6_seq_show+0x200/0x200
[ 193.533308][ C1] mld_sendpack+0xeba/0x13d0
[ 193.537919][ C1] ? mld_send_report+0x480/0x480
[ 193.542867][ C1] mld_ifc_timer_expire+0x1158/0x1750
[ 193.548266][ C1] call_timer_fn+0x218/0x510
[ 193.552858][ C1] ? mld_gq_timer_expire+0x120/0x120
[ 193.558146][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 193.563954][ C1] __run_timers+0xd20/0x11c0
[ 193.568553][ C1] ? mld_gq_timer_expire+0x120/0x120
[ 193.573958][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 193.579783][ C1] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 193.585962][ C1] ? irqtime_account_irq+0xcb/0x2d0
[ 193.591174][ C1] run_timer_softirq+0x2d/0x50
[ 193.595963][ C1] ? timers_dead_cpu+0x8b0/0x8b0
[ 193.600906][ C1] __do_softirq+0x311/0x83d
[ 193.605436][ C1] asm_call_on_stack+0x12/0x20
[ 193.610209][ C1]
[ 193.613195][ C1] do_softirq_own_stack+0x7c/0xa0
[ 193.618231][ C1] __irq_exit_rcu+0x226/0x270
[ 193.622921][ C1] irq_exit_rcu+0xe/0x10
[ 193.627174][ C1] sysvec_apic_timer_interrupt+0x107/0x130
[ 193.632995][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 193.638983][ C1] RIP: 0010:kmsan_internal_is_vmalloc_addr+0xe/0x30
[ 193.645573][ C1] Code: 13 48 8b 54 32 08 c1 e9 09 83 e1 3f 48 0f a3 0a 72 02 31 c0 5d c3 66 0f 1f 44 00 00 55 48 89 e5 48 8b 05 55 85 81 0d 48 39 f8 <0f> 96 c1 48 ba ff ff ff ff ff 07 00 00 48 01 c2 48 39 fa 0f 97 c0
[ 193.665199][ C1] RSP: 0018:ffffb87a40daaca0 EFLAGS: 00000293
[ 193.671271][ C1] RAX: ffffb87a40000000 RBX: ffffb87a40dab038 RCX: 0000000000000001
[ 193.679238][ C1] RDX: ffffc07a3fffffff RSI: 0000000000000004 RDI: ffffb87a40dab038
[ 193.687206][ C1] RBP: ffffb87a40daaca0 R08: fffff0298000000f R09: ffffa04eafffb000
[ 193.695171][ C1] R10: 0000000000000004 R11: 0000000000000000 R12: 0000000000000000
[ 193.703144][ C1] R13: 00000000000000b4 R14: 0000000000000000 R15: 0000000000000000
[ 193.711167][ C1] kmsan_get_metadata+0x4f/0x180
[ 193.716121][ C1] kmsan_get_shadow_origin_ptr+0x6c/0xb0
[ 193.721765][ C1] __msan_metadata_ptr_for_load_4+0x10/0x20
[ 193.727660][ C1] sha256_update+0x7a4/0x9090
[ 193.732442][ C1] crypto_sha256_update+0x8b/0xb0
[ 193.737471][ C1] ? sha1_base_init+0x180/0x180
[ 193.742323][ C1] crypto_shash_update+0x4e9/0x550
[ 193.747453][ C1] ? integrity_kernel_read+0xfc/0x140
[ 193.752836][ C1] ima_calc_file_hash+0x187a/0x3880
[ 193.758031][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 193.763854][ C1] ? ext4_xattr_ibody_get+0x19f/0x12b0
[ 193.769330][ C1] ? up_read+0x40/0x2b0
[ 193.773482][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 193.778741][ C1] ? __msan_poison_alloca+0xf0/0x120
[ 193.784036][ C1] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 193.790113][ C1] ? kmsan_get_metadata+0x4f/0x180
[ 193.795231][ C1] ? kmsan_get_metadata+0x4f/0x180
[ 193.800359][ C1] ? kmsan_set_origin_checked+0x95/0xf0
[ 193.805898][ C1] ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 193.812009][ C1] ima_collect_measurement+0x45b/0xa20
[ 193.817524][ C1] process_measurement+0x1a7d/0x2ce0
[ 193.822847][ C1] ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 193.828915][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 193.834110][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 193.839913][ C1] ? apparmor_task_alloc+0x3d0/0x3d0
[ 193.845190][ C1] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 193.851248][ C1] ? kmsan_get_metadata+0x4f/0x180
[ 193.856394][ C1] ima_file_check+0x131/0x170
[ 193.861172][ C1] path_openat+0x4b9e/0x5d50
[ 193.865762][ C1] ? page_cpupid_xchg_last+0x9a/0x190
[ 193.871142][ C1] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 193.877204][ C1] ? should_fail+0x72/0x9e0
[ 193.881725][ C1] ? kmsan_get_metadata+0x11d/0x180
[ 193.886926][ C1] ? kmsan_get_metadata+0x4f/0x180
[ 193.892060][ C1] do_filp_open+0x2b8/0x710
[ 193.896605][ C1] do_sys_openat2+0x96f/0xe30
[ 193.901323][ C1] __se_sys_openat+0x24a/0x2b0
[ 193.906291][ C1] __x64_sys_openat+0x56/0x70
[ 193.910984][ C1] do_syscall_64+0xb0/0x150
[ 193.915514][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 193.921413][ C1] RIP: 0033:0x4b3dfa
[ 193.925293][ C1] Code: Bad RIP value.
[ 193.929871][ C1] RSP: 002b:000000c000093830 EFLAGS: 00000206 ORIG_RAX: 0000000000000101
[ 193.938282][ C1] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b3dfa
[ 193.946248][ C1] RDX: 0000000000080002 RSI: 000000c002968400 RDI: ffffffffffffff9c
[ 193.954210][ C1] RBP: 000000c0000938a8 R08: 0000000000000000 R09: 0000000000000000
[ 193.962183][ C1] R10: 00000000000001a4 R11: 0000000000000206 R12: ffffffffffffffff
[ 193.970179][ C1] R13: 0000000000000021 R14: 0000000000000020 R15: 0000000000000100
[ 193.978192][ C1]
[ 193.980520][ C1] Uninit was stored to memory at:
[ 193.985557][ C1] kmsan_internal_chain_origin+0xad/0x130
[ 193.991291][ C1] __msan_chain_origin+0x50/0x90
[ 193.996244][ C1] ___bpf_prog_run+0x6c80/0x97a0
[ 194.001196][ C1] __bpf_prog_run32+0x101/0x170
[ 194.006073][ C1] packet_rcv+0x70f/0x2150
[ 194.010487][ C1] dev_queue_xmit_nit+0x11a0/0x1280
[ 194.015691][ C1] dev_hard_start_xmit+0x20c/0xa70
[ 194.020804][ C1] __dev_queue_xmit+0x2f8d/0x3b20
[ 194.025830][ C1] dev_queue_xmit+0x4b/0x60
[ 194.030336][ C1] ip6_finish_output2+0x2057/0x2620
[ 194.035635][ C1] __ip6_finish_output+0x824/0x8e0
[ 194.040782][ C1] ip6_finish_output+0x166/0x410
[ 194.045747][ C1] ip6_output+0x60a/0x770
[ 194.050087][ C1] mld_sendpack+0xeba/0x13d0
[ 194.054686][ C1] mld_ifc_timer_expire+0x1158/0x1750
[ 194.060068][ C1] call_timer_fn+0x218/0x510
[ 194.064685][ C1] __run_timers+0xd20/0x11c0
[ 194.069284][ C1] run_timer_softirq+0x2d/0x50
[ 194.074056][ C1] __do_softirq+0x311/0x83d
[ 194.078551][ C1]
[ 194.080875][ C1] Uninit was stored to memory at:
[ 194.085908][ C1] kmsan_internal_chain_origin+0xad/0x130
[ 194.091636][ C1] __msan_chain_origin+0x50/0x90
[ 194.096584][ C1] ___bpf_prog_run+0x6cbe/0x97a0
[ 194.101535][ C1] __bpf_prog_run32+0x101/0x170
[ 194.106395][ C1] packet_rcv+0x70f/0x2150
[ 194.110824][ C1] dev_queue_xmit_nit+0x11a0/0x1280
[ 194.116037][ C1] dev_hard_start_xmit+0x20c/0xa70
[ 194.121165][ C1] __dev_queue_xmit+0x2f8d/0x3b20
[ 194.126202][ C1] dev_queue_xmit+0x4b/0x60
[ 194.130716][ C1] ip6_finish_output2+0x2057/0x2620
[ 194.135925][ C1] __ip6_finish_output+0x824/0x8e0
[ 194.141070][ C1] ip6_finish_output+0x166/0x410
[ 194.146017][ C1] ip6_output+0x60a/0x770
[ 194.150350][ C1] mld_sendpack+0xeba/0x13d0
[ 194.154943][ C1] mld_ifc_timer_expire+0x1158/0x1750
[ 194.160326][ C1] call_timer_fn+0x218/0x510
[ 194.164932][ C1] __run_timers+0xd20/0x11c0
[ 194.169534][ C1] run_timer_softirq+0x2d/0x50
[ 194.174306][ C1] __do_softirq+0x311/0x83d
[ 194.178800][ C1]
[ 194.181125][ C1] Uninit was stored to memory at:
[ 194.186164][ C1] kmsan_internal_chain_origin+0xad/0x130
[ 194.191900][ C1] __msan_chain_origin+0x50/0x90
[ 194.196869][ C1] ___bpf_prog_run+0x6c64/0x97a0
[ 194.201825][ C1] __bpf_prog_run32+0x101/0x170
[ 194.206691][ C1] packet_rcv+0x70f/0x2150
[ 194.211125][ C1] dev_queue_xmit_nit+0x11a0/0x1280
[ 194.216863][ C1] dev_hard_start_xmit+0x20c/0xa70
[ 194.222006][ C1] __dev_queue_xmit+0x2f8d/0x3b20
[ 194.227041][ C1] dev_queue_xmit+0x4b/0x60
[ 194.231560][ C1] ip6_finish_output2+0x2057/0x2620
[ 194.236753][ C1] __ip6_finish_output+0x824/0x8e0
[ 194.241860][ C1] ip6_finish_output+0x166/0x410
[ 194.246799][ C1] ip6_output+0x60a/0x770
[ 194.251135][ C1] mld_sendpack+0xeba/0x13d0
[ 194.255729][ C1] mld_ifc_timer_expire+0x1158/0x1750
[ 194.261094][ C1] call_timer_fn+0x218/0x510
[ 194.265677][ C1] __run_timers+0xd20/0x11c0
[ 194.270256][ C1] run_timer_softirq+0x2d/0x50
[ 194.275010][ C1] __do_softirq+0x311/0x83d
[ 194.279504][ C1]
[ 194.281822][ C1] Local variable ----regs@__bpf_prog_run32 created at:
[ 194.288666][ C1] __bpf_prog_run32+0x87/0x170
[ 194.293436][ C1] __bpf_prog_run32+0x87/0x170
[ 194.298180][ C1] =====================================================
[ 194.736418][ T8695] Shutting down cpus with NMI
[ 194.755542][ T8695] Kernel Offset: 0x28c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 194.767180][ T8695] Rebooting in 86400 seconds..